Post on 25-Dec-2015
Access Control
Chapter 5
Copyright Pearson Prentice Hall 2013
◦ Define basic access control terminology
◦ Describe physical building and computer security
◦ Explain reusable passwords
◦ Explain how access cards and tokens work
◦ Describe biometric authentication, including verification and identification
◦ Explain authorizations
◦ Explain auditing
◦ Describe how central authentication servers work
◦ Describe how directory servers work
◦ Define full identity management
If attackers cannot get access to your resources, they cannot attack them
This chapter presents a number of important access control tools, such as reusable passwords and biometrics
We covered crypto before access controls because many access controls use cryptography
However, not all access controls use crypto, and those that do usually use it for only part of their process
5.1 Introduction
5.2 Physical Access and Security
5.3 Passwords
5.4 Access Cards and Tokens
5.5 Biometric Authentication
5.6 Cryptographic Authentication
5.7 Authorization
5.8 Auditing
5.9 Central Authentication Servers
5.10 Directory Servers and Identity Management
Access Controls
◦ Firms must limit access to physical and electronic resources
◦ Access control is the policy-driven control of access to systems, data, and dialogues
Cryptography
◦ Many access control tools use cryptography to some extent
◦ However, cryptography is only part of what they do and how they work
The AAA Protections
◦ Authentication: the supplicant sends credentials to the verifier, which authenticates the supplicant
◦ Authorization: what permissions the authenticated user will have
  - What resources he or she can get to at all
  - What he or she can do with these resources
◦ Auditing: recording what people do in log files
  - Detecting attacks
  - Identifying breakdowns in implementation
Beyond Passwords
◦ Passwords used to be sufficiently strong
◦ This is no longer true thanks to the increasing computer speeds available to hackers
◦ Companies must move to better authentication options
Credentials Are Based on
◦ What you know (e.g., a password)
◦ What you have (e.g., an access card)
◦ What you are (e.g., your fingerprint), or
◦ What you do (e.g., speaking a passphrase)
Two-Factor Authentication
◦ Use two forms of authentication for defense in depth
◦ Example: access card and personal identification number (PIN)
◦ Multifactor authentication: two or more types of authentication
◦ But this can be defeated by a Trojan horse on the user’s PC
◦ It can also be defeated by a man-in-the-middle attack by a fake website
Individual and Role-Based Access Control
◦ Individual access control: base access rules on individual accounts
◦ Role-based access control (RBAC)
  - Base access rules on organizational roles (buyer, member of a team, etc.)
  - Assign individual accounts to roles to give them access to the role’s resources
  - Cheaper and less error-prone than basing access rules on individual accounts
Human and Organizational Controls
◦ People and organizational forces may circumvent access protections
Mandatory and Discretionary Access Control
◦ Mandatory access control (MAC)
  - No departmental or personal ability to alter access control rules set by higher authorities
◦ Discretionary access control (DAC)
  - Departmental or personal ability to alter access control rules set by higher authorities
◦ MAC gives stronger security but is very difficult to implement
Multilevel Security
◦ Resources are rated by security level
  - Public
  - Sensitive but unclassified
  - Secret
  - Top secret
◦ People are given clearance levels on the same scale
Multilevel Security
◦ Some rules are simple
  - People with a secret clearance cannot read top-secret documents
◦ Some rules are complex
  - What if a paragraph from a top-secret document is placed in a secret document?
◦ Access control models have been created to address multilevel security
  - Not discussed here because they are not pertinent to corporations
ISO/IEC 27002’s Security Clause 9, Physical and Environmental Security
◦ Risk analysis must be done first
ISO/IEC 9.1: Secure Areas
◦ Securing the building’s physical perimeter (single point of entry, emergency exits, etc.)
◦ Implementing physical entry controls
  - Access should be justified, authorized, logged, and monitored
ISO/IEC 9.1: Secure Areas
◦ Securing public access, delivery, and loading areas
◦ Securing offices, rooms, and facilities
◦ Protecting against external and environmental threats
◦ Creating rules for working in secure areas
  - Limit unsupervised work, forbid data recording devices, etc.
9.2 Equipment Security
◦ Equipment siting and protection
  - Siting means locating or placing (same root as site)
◦ Supporting utilities (electricity, water, HVAC)
  - Uninterruptible power supplies, electrical generators
  - Frequent testing
9.2 Equipment Security
◦ Cabling security (conduits, underground wiring, etc.)
◦ Security during offsite equipment maintenance
  - Permission for taking equipment offsite
  - Removal of sensitive information
9.2 Equipment Security
◦ Security of equipment off-premises
  - Constant attendance except when locked securely
  - Insurance
◦ Secure disposal or reuse of equipment
  - Removal of all sensitive information
◦ Rules for the removal of property
Terrorism
◦ Building setback from street
◦ Armed guards
◦ Bullet-proof glass
Piggybacking
◦ Following an authorized user through a door
◦ Also called tailgating
◦ Psychologically difficult to prevent
◦ But piggybacking is worth the effort to prevent
Monitoring Equipment
◦ CCTV
◦ Tapes wear out
◦ High-resolution cameras are expensive and consume a great deal of disk space
◦ Low-resolution cameras may be insufficient for recognition needs
◦ To reduce storage, use motion sensing
Dumpster™ Diving
◦ Protect building trash bins that may contain sensitive information
◦ Keep trash inside the corporate premises and monitor it until removed
Desktop PC Security
◦ Locks that connect the computer to an immovable object
◦ Login screens with strong passwords
Reusable Passwords
◦ A password that is used multiple times
◦ Almost all passwords are reusable passwords
◦ A one-time password is used only once
Difficulty of Cracking Passwords by Guessing Remotely
◦ The account is usually locked after a few login failures
Password-Cracking Programs
◦ Password-cracking programs exist
  - Run on a computer to crack its passwords, or
  - Run on a downloaded password file
Password Policies
◦ Regularly test the strength of internal passwords
◦ Do not use the same password at multiple sites
◦ Use password management programs
◦ Password duration policies
◦ Shared password policies (sharing makes auditing impossible)
◦ Disable passwords that are no longer valid
Other Password Policies
◦ Lost passwords (password resets)
  - Opportunities for social engineering attacks
  - Automated password resets use secret questions (Where were you born?)
  - Many can be guessed with a little research, rendering passwords useless
  - Some questions may violate security policies
Password Strength Policies
◦ Passwords must be long and complex
  - At least 8 characters long
  - Change of case, not at the beginning
  - Digit (0 through 9), not at the end
  - Other keyboard character, not at the end
  - Example: tri6#Vial
◦ Completely random passwords are best but usually are written down
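The four strength rules above are easy to state but easy to get subtly wrong when enforced in code. The following checker is an added example, not code from the slides or the textbook; it encodes the rules as written, treats "at the beginning" as the first character (so a password whose only case change is a capitalized first letter fails, an interpretation assumed here), and uses Python's punctuation set as the "other keyboard character" class.

```python
"""Password strength policy checker (added example; the rule names are constructed)."""
import string

MIN_LENGTH = 8                      # "At least 8 characters long"
SYMBOLS = set(string.punctuation)   # assumed meaning of "other keyboard character"


def case_change_not_at_beginning(pw: str) -> bool:
    """True if upper and lower case are mixed somewhere other than at the start.

    The change is located at the second letter of an upper/lower pair; a change
    whose second letter sits at index 1 (e.g. 'Password1') counts as "at the
    beginning" and does not satisfy the rule (assumed interpretation).
    """
    letters = [(i, c) for i, c in enumerate(pw) if c.isalpha()]
    for (_, prev), (i, cur) in zip(letters, letters[1:]):
        if prev.isupper() != cur.isupper() and i >= 2:
            return True
    return False


def digit_not_at_end(pw: str) -> bool:
    """Contains a digit, and the last character is not one."""
    return any(c.isdigit() for c in pw) and not pw[-1].isdigit()


def symbol_not_at_end(pw: str) -> bool:
    """Contains a non-alphanumeric keyboard character, and the last character is not one."""
    return any(c in SYMBOLS for c in pw) and pw[-1] not in SYMBOLS


def check_password(pw: str) -> list:
    """Return the names of the violated rules; an empty list means the policy is met."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("length")
    if not case_change_not_at_beginning(pw):
        failures.append("case")
    if not digit_not_at_end(pw):
        failures.append("digit")
    if not symbol_not_at_end(pw):
        failures.append("symbol")
    return failures


if __name__ == "__main__":
    # Constructed candidates: the slides' example plus two common weak patterns.
    for candidate in ("tri6#Vial", "Password1!", "short1A"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The checker returns every violated rule rather than stopping at the first, which is what a user-facing policy message needs; the slides' example `tri6#Vial` passes all four rules, while `Password1!` fails because its only case change is the capitalized first letter and its symbol is at the end.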
The End of Passwords?
◦ Many firms want to eliminate passwords because of their weaknesses
◦ Quite a few firms have already largely phased them out
Access Cards
◦ Magnetic stripe cards
◦ Smart cards
  - Have a microprocessor and RAM
  - Can implement public key encryption for challenge/response authentication
◦ In the selection decision, must consider cost and availability of card readers
Tokens
◦ Constantly changing password devices for one-time passwords
◦ USB plug-in tokens
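The slides describe a token as a device whose password constantly changes, and Chapter 3's HMAC is what makes that cheap to compute on both sides. The code below is an added example, not from the slides or the textbook: it implements HOTP (RFC 4226), one widely used counter-based one-time-password scheme that the slides do not name, together with a verifier that accepts each code once and resynchronizes within a small look-ahead window. The 20-byte secret and the expected codes are RFC 4226's published test values; the window size of 3 is an assumed server setting.

```python
"""Counter-based one-time passwords (HOTP, RFC 4226) as a token device and its verifier.
Added example; the slides do not specify an algorithm."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Token side: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server side: remembers the next expected counter per token so a code can
    be used only once, and looks ahead a few counters so that button presses
    that were never submitted do not desynchronize the token."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.window = window      # assumed look-ahead size

    def verify(self, code: str) -> bool:
        for i in range(self.window):
            expected = hotp(self.secret, self.counter + i)
            if hmac.compare_digest(expected, code):   # constant-time compare
                self.counter += i + 1                 # burn this and any skipped counters
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 Appendix D test secret
    for c in range(3):
        print(c, hotp(secret, c))
```

Because the verifier advances past every counter it accepts, replaying a captured code fails, which is the property that distinguishes a one-time password from the reusable passwords of the previous section.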
Proximity Access Tokens
◦ Use Radio Frequency ID (RFID) technology
◦ The supplicant only has to be near a door or computer to be recognized
Addressing Loss and Theft
◦ Both are frequent
◦ Card cancellation
  - Requires a wired network for cancellation speed
  - Must cancel quickly if risks are considerable
Two-Factor Authentication Needed because of Ease of Loss and Theft
◦ PINs (Personal Identification Numbers) for the second factor
  - Short: 4 to 6 digits
  - Can be short because attempts are manual
  - Should not choose obvious combinations (1111, 1234) or important dates
◦ Other forms of two-factor authentication
  - Store the fingerprint template on the device; check the supplicant with a fingerprint reader
Biometric Authentication
◦ Authentication based on biological (bio) measurements (metrics)
  - Biometric authentication is based on something you are (your fingerprint, iris pattern, face, hand geometry, and so forth)
  - Or something you do (write, type, and so forth)
◦ The major promise of biometrics is to make reusable passwords obsolete
Biometric Systems (Figure 5-10)
◦ Enrollment (enrollment scan, process for key features, store template)
  - Scan data is variable (a fingerprint scans differently each time)
  - Key features extracted from the scan should be nearly the same
◦ Later access attempts provide access data, which will be turned into key feature data for comparison with the template
Biometric Systems (Figure 5-11)
◦ Biometric access key features will never be exactly the same as the template
◦ There must be configurable decision criteria for deciding how close a match (match index) to require
  - Requiring an overly exact match index will cause many false rejections
  - Requiring too loose a match index will cause more false acceptances
Errors versus Deception
False Acceptance Rates (FARs)
◦ Percentage of people who are identified or verified as matches to a template but should not be
False Rejection Rates (FRRs)
◦ Percentage of people who should be identified or verified as matches to a template but are not
Which Is Worse?
◦ It depends on the situation

Situation                            False acceptance     False rejection
Identification for computer access   Security violation   Inconvenience
Verification for computer access     Security violation   Inconvenience
Watch list for door access           Security violation   Inconvenience
Watch list for terrorists            Inconvenience        Security violation
Vendor Claims for FARs and FRRs
◦ Tend to be exaggerated through tests under ideal conditions
Failure to Enroll (FTE)
◦ The subject cannot enroll in the system
◦ Examples: poor fingerprints due to construction work, clerical work, age, etc.
Deception
◦ Errors: when the subject is not trying to fool the system
◦ Deception: when the subject is trying to fool the system
  - Hide face from cameras used for face identification
  - Impersonate someone by using a gelatin finger on a fingerprint scanner
  - Etc.
Deception
◦ Many biometric methods are highly vulnerable to deception
  - Fingerprint scanners should only be used where the threat of deception is very low
  - Fingerprint scanners are better than passwords because there is nothing to forget
  - Fingerprint scanners are good for convenience rather than security
Verification
◦ The supplicant claims to be a particular person
◦ Is the supplicant who he or she claims to be?
◦ Compare access data to a single template (the claimed identity)
◦ Verification is good for replacing passwords in logins
◦ If the probability of a false acceptance (false match) is 1/1000 per template match, the probability of a false acceptance is 1/1000 (0.1%)
Identification
◦ The supplicant does not state his or her identity
◦ The system must compare supplicant data to all templates to find the correct template
◦ If the probability of a false acceptance (false match) is 1/1000 per template match and there are 500 templates in the database, then the probability of a false acceptance is 500 * 1/1000 (50%)
◦ Good for door access
Watch Lists
◦ Subset of identification
◦ The goal is to identify members of a group
  - Terrorists
  - People who should be given access to an equipment room
Watch Lists
◦ More comparisons than verification but fewer than identification, so the risk of a false acceptance is intermediate
◦ If the probability of a false acceptance (false match) is 1/1000 per template match and there are 10 templates in the watch list, then the probability of a false acceptance is 10 * 1/1000 (1%)
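Two things in the biometric slides are worth seeing in numbers: how the configurable match-index threshold trades FAR against FRR (Figure 5-11), and how a per-template false-match probability grows with the number of templates compared (verification, watch list, identification). The code below is an added example, not from the slides or the textbook. The match-index scores are constructed with a random generator, not real biometric data; `false_accept_linear` reproduces the slides' multiplication (500 * 1/1000 = 50%), and `false_accept_exact` adds the exact value for independent comparisons, 1 - (1 - p)^N, which is lower once N * p stops being small.

```python
"""Biometric decision thresholds and false-acceptance scaling (added example)."""
import random


def error_rates(genuine_scores, impostor_scores, threshold):
    """FAR: fraction of impostor comparisons at or above the threshold (wrongly accepted).
    FRR: fraction of genuine comparisons below the threshold (wrongly rejected)."""
    far = sum(s >= threshold for s in impostor_scores) / len(impostor_scores)
    frr = sum(s < threshold for s in genuine_scores) / len(genuine_scores)
    return far, frr


def choose_threshold(genuine_scores, impostor_scores, max_far):
    """Lowest match-index threshold (0..100) whose FAR does not exceed max_far;
    the FRR that comes with it is the convenience price of that security level."""
    for t in range(0, 101):
        far, frr = error_rates(genuine_scores, impostor_scores, t)
        if far <= max_far:
            return t, far, frr
    return 101, 0.0, 1.0        # nothing accepted: everyone rejected


def false_accept_linear(p_per_match, n_templates):
    """The slides' approximation: N templates * per-match probability (capped at 1)."""
    return min(1.0, n_templates * p_per_match)


def false_accept_exact(p_per_match, n_templates):
    """Exact probability of at least one false match across N independent comparisons."""
    return 1.0 - (1.0 - p_per_match) ** n_templates


def constructed_scores(seed=1, n=2000):
    """Constructed match-index samples: genuine attempts cluster high, impostors low."""
    rng = random.Random(seed)
    genuine = [min(100.0, max(0.0, rng.gauss(80, 8))) for _ in range(n)]
    impostor = [min(100.0, max(0.0, rng.gauss(40, 12))) for _ in range(n)]
    return genuine, impostor


if __name__ == "__main__":
    genuine, impostor = constructed_scores()
    for t in (50, 60, 70):
        far, frr = error_rates(genuine, impostor, t)
        print(f"threshold {t}: FAR {far:.3%}  FRR {frr:.3%}")
    print("threshold for FAR <= 1%:", choose_threshold(genuine, impostor, 0.01))
    p = 1 / 1000
    for label, n in (("verification", 1), ("watch list", 10), ("identification", 500)):
        print(f"{label:15s} N={n:4d} linear {false_accept_linear(p, n):.4f} "
              f"exact {false_accept_exact(p, n):.4f}")
```

Raising the threshold lowers FAR and raises FRR, never both at once, which is why the slides call the criterion configurable rather than correct. For the population sizes on the slides the linear and exact figures agree closely for N = 1 and N = 10 but diverge at N = 500 (50% versus about 39%); either way the lesson is the same, since a per-match rate acceptable for verification is not acceptable for identification against a large database.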
Fingerprint Recognition
◦ Simple, inexpensive, well proven
◦ Most biometrics today is fingerprint recognition
◦ Often can be defeated with latent fingerprints on glasses copied to gelatin fingers
◦ However, fingerprint recognition can take the place of reusable passwords for low-risk applications
Iris Recognition
◦ Pattern in the colored part of the eye
◦ Uses a camera (no light is shined into the eye, as in Hollywood movies)
◦ Very low FARs
◦ Very expensive
Face Recognition
◦ Surreptitious identification is possible (in airports, etc.)
◦ Surreptitious means without the subject’s knowledge
◦ High error rates, even without deception
Hand Geometry for Door Access
◦ Shape of the hand
◦ The reader is very large, so it is usually used for door access
Voice Recognition
◦ High error rates
◦ Easily deceived by recordings
Other Forms of Biometric Authentication
◦ Veins in the hand
◦ Keystroke recognition (pace in typing the password)
◦ Signature recognition (hand-written signature)
◦ Gait (the way the person walks) recognition
Key Points from Chapter 3
◦ Cryptographic systems have initial and message-by-message authentication
◦ MS-CHAP uses passwords for initial authentication
◦ Electronic signatures provide message-by-message authentication
  - Key-Hashed Message Authentication Codes (HMACs) are fast and inexpensive
  - Digital signatures with digital certificates are extremely strong but slow
◦ Chapter 3 did not mention that public key authentication with digital certificates is also good for initial authentication
Public Key Infrastructures (PKIs) (Figure 5-18)
◦ Firms can be their own certificate authorities (CAs)
◦ But this requires a great deal of labor
◦ Provisioning
  - Giving the user access credentials
Public Key Infrastructures (PKIs) (Figure 5-18)
◦ Provisioning
  - Human registration is often the weakest link
  - If an impostor is given credentials, no technological access controls will work
  - Limit who can submit names for registration
  - Limit who can authorize registration
  - Have rules for exceptions
  - Must have effective terminating procedures
  - Supervisors and the Human Resources department must assist
Authorizations
◦ Authentication: proof of identity
◦ Authorization: the assignment of permissions (specific authorizations) to individuals or roles
◦ Just because you are authenticated does not mean that you should be able to do everything
Principle of Least Permissions
◦ Initially give people only the permissions a person absolutely needs to do his or her job
◦ If the assignment is too narrow, additional permissions may be given
  - If the assignment is too narrow, the system fails safely
Principle of Least Permissions
◦ System has permissions A, B, C, D, E, and F
  - Person needs A, C, and E
  - If only given A and C, E can be added later, although the user will be inconvenienced
  - Errors tend not to create security problems
  - Fails safely
◦ This will frustrate users somewhat
Giving Extensive or Full Permissions Initially Is Bad
◦ The user will almost always have the permissions to do his or her job
◦ System has permissions A, B, C, D, E, and F
  - Person needs A, C, and E
  - If given all and B and D are taken away, the user still has F
  - Errors tend to create security problems
Giving Extensive or Full Permissions Initially Is Bad
◦ Assignments can be taken away, but this is subject to errors
◦ Such errors could give excessive permissions to the user
◦ This could allow the user to take actions contrary to security policy
◦ Giving all or extensive permissions and taking some away does not fail safely
Auditing
◦ Authentication: who a person is
◦ Authorization: what a person may do with a resource
◦ Auditing: what the person actually did
Logging
◦ Events
◦ On a server: logins, failed login attempts, file deletions, and so forth
◦ Events are stored in a log file
Log Reading
◦ Regular log reading is crucial or the log becomes a useless write-only memory
◦ Periodic external audits of log file entries and reading practices
◦ Automatic alerts for strong threats
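The role-based access control, least-permissions and auditing slides describe one mechanism from three sides: roles carry permissions, a user starts with the narrowest role that might do the job and gets more only when needed, and every decision is written to a log that someone actually reads. The following code is an added example, not from the slides or the textbook. It uses the slides' permission set A through F and their scenario (a person needing A, C and E), with constructed role names (`buyer`, `auditor`) and user names; `subtractive_role` reproduces the slides' "give all, then take away B and D" mistake for contrast.

```python
"""RBAC authorization with default deny and an audit log (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

ALL_PERMISSIONS = {"A", "B", "C", "D", "E", "F"}   # the slides' permission set

ROLES = {                       # constructed roles, not from the slides
    "buyer": {"A", "C"},        # deliberately narrow at first: E is left out
    "auditor": {"F"},
}


@dataclass
class AuthzEngine:
    roles: dict                 # role name -> set of permissions
    assignments: dict           # user -> set of role names
    audit_log: list = field(default_factory=list)

    def permissions_of(self, user):
        """Union of the user's roles; an unknown user or role contributes nothing."""
        perms = set()
        for role in self.assignments.get(user, set()):
            perms |= self.roles.get(role, set())
        return perms

    def is_allowed(self, user, permission):
        """Default deny: anything not explicitly granted is refused. Every decision,
        allowed or not, becomes an audit event (what the person actually did or tried)."""
        allowed = permission in self.permissions_of(user)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "permission": permission,
            "decision": "ALLOW" if allowed else "DENY",
        })
        return allowed

    def grant_to_role(self, role, permission):
        """Least permissions in practice: widen the role only when a need is shown."""
        self.roles.setdefault(role, set()).add(permission)


def subtractive_role(permissions_to_remove):
    """The approach the slides warn against: start from everything and take some away.
    Forgetting a removal (here F) silently leaves an excess permission in place."""
    return ALL_PERMISSIONS - set(permissions_to_remove)


def denied_events(log):
    """A log reader's first question: who was refused what? Returns user -> permissions."""
    denied = {}
    for event in log:
        if event["decision"] == "DENY":
            denied.setdefault(event["user"], []).append(event["permission"])
    return denied


if __name__ == "__main__":
    engine = AuthzEngine(roles={k: set(v) for k, v in ROLES.items()},
                         assignments={"alice": {"buyer"}})
    print("alice A:", engine.is_allowed("alice", "A"))
    print("alice E before grant:", engine.is_allowed("alice", "E"))
    engine.grant_to_role("buyer", "E")
    print("alice E after grant:", engine.is_allowed("alice", "E"))
    print("buyer by subtraction:", sorted(subtractive_role(["B", "D"])))
    print("denied:", denied_events(engine.audit_log))
```

The additive path fails safely: the missing E shows up as a DENY in the log, which is an inconvenience that an administrator can fix with one grant. The subtractive path fails the other way, since the leftover F produces no event at all; nothing in the log tells the reader that a permission was never meant to be there.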
[Figure: Microsoft domains and domain controllers]
◦ The corporation is divided into Microsoft domains
◦ Domains are controlled by domain controllers
◦ A domain can have multiple domain controllers
◦ Each domain controller runs Kerberos and AD
[Figure: Domain trees and forests]
◦ There can be a tree of domains (not shown: there can be a forest of trees)
◦ Domain controllers in a domain do total replication
◦ Domain controllers in parent and child domains do partial replication
Trust
◦ One directory server will accept information from another
Trust Directionality
◦ Mutual
  - A trusts B and B trusts A
◦ One-way
  - A trusts B or B trusts A, but not both
Trust Transitivity
◦ Transitive trust
  - If A trusts B and B trusts C, then A trusts C automatically
◦ Intransitive trust
  - If A trusts B and B trusts C, this does NOT mean that A trusts C automatically
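Direction and transitivity are the two properties that decide whether a trust chain between directory servers actually reaches from A to C. The evaluator below is an added example, not from the slides or the textbook: it stores each trust as a directed edge flagged transitive or not, and answers "does A trust C?" under the rule that a direct edge always counts while a multi-hop path counts only if every hop on it is transitive (the evaluation rule is assumed here; the slides give only the two-hop cases).

```python
"""Directory trust evaluation: direction and transitivity (added example)."""
from collections import deque


class TrustGraph:
    def __init__(self):
        self.edges = {}     # (truster, trusted) -> transitive flag

    def add_trust(self, truster, trusted, transitive=False, mutual=False):
        """Record that truster accepts information from trusted. A mutual trust
        is two one-way trusts; transitivity applies to both directions."""
        self.edges[(truster, trusted)] = transitive
        if mutual:
            self.edges[(trusted, truster)] = transitive

    def direction(self, a, b):
        """'mutual', 'one-way' (either direction), or 'none' between two servers."""
        ab, ba = (a, b) in self.edges, (b, a) in self.edges
        if ab and ba:
            return "mutual"
        return "one-way" if (ab or ba) else "none"

    def trusts(self, a, c):
        """True if A trusts C directly, or via a chain in which every hop is transitive.
        Intransitive edges never extend beyond the two servers they connect."""
        if a == c or (a, c) in self.edges:
            return True
        seen, queue = {a}, deque([a])
        while queue:
            x = queue.popleft()
            for (src, dst), transitive in self.edges.items():
                if src == x and transitive and dst not in seen:
                    if dst == c:
                        return True
                    seen.add(dst)
                    queue.append(dst)
        return False


if __name__ == "__main__":
    # Constructed topology: a two-level chain of domains.
    g = TrustGraph()
    g.add_trust("A", "B", transitive=True)
    g.add_trust("B", "C", transitive=True)
    print("A trusts C:", g.trusts("A", "C"), "| C trusts A:", g.trusts("C", "A"))
    h = TrustGraph()
    h.add_trust("A", "B", transitive=False, mutual=True)
    h.add_trust("B", "C", transitive=False)
    print("intransitive chain, A trusts C:", h.trusts("A", "C"))
```

The one-way case is what makes the check asymmetric: A trusting C through B says nothing about C trusting A, so a reviewer of a trust configuration has to test both directions of every pair that matters.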
[Figure: Metadirectory server]
◦ A metadirectory server synchronizes multiple directory servers
[Figure: Federated identity management]
◦ In federated identity management, business partners do not access each other’s databases
◦ Instead, they send assertions about a person; the receiver trusts the assertions
[Figure: SAML assertions]
◦ Types of assertions: authentication, authorizations, attributes
◦ Assertions are standardized by SAML; SAML uses XML for platform independence
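"The receiver trusts the assertions" is the whole point of federation, so the receiver's checks before trusting are where its security lives. The code below is an added example, not from the slides or the textbook: it parses a constructed SAML 2.0-shaped assertion (the issuer, subject, audience and timestamps are made up) and refuses it unless the issuer is a known partner, the assertion is addressed to this receiver, and the current time falls inside the stated validity window; only then does it hand back the authentication, attribute and role information. Verifying the XML signature is assumed to have been done first by an XML-DSig library and is not shown.

```python
"""Consuming a federated identity assertion with the receiver's checks (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; names, times and values are illustrative only.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2015-12-25T10:00:00Z">
  <saml:Issuer>https://idp.partner.example</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@partner.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-12-25T10:00:00Z" NotOnOrAfter="2015-12-25T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.corp.example</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2015-12-25T09:59:50Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>buyer</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>procurement</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_time(value):
    """SAML timestamps are UTC in ISO 8601 form with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consume_assertion(xml_text, trusted_issuers, my_audience, now_text):
    """Return {'accepted': False, 'reason': ...} or the accepted assertion's contents.
    Assumes the XML signature was already verified by a separate library."""
    now = parse_time(now_text)
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return {"accepted": False, "reason": "unknown issuer"}
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        return {"accepted": False, "reason": "missing validity conditions"}
    if not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        return {"accepted": False, "reason": "outside validity window"}
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if my_audience not in audiences:
        return {"accepted": False, "reason": "not addressed to this receiver"}
    attributes = {}
    for att in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[att.get("Name")] = [v.text for v in att.findall("saml:AttributeValue", NS)]
    return {
        "accepted": True,
        "issuer": issuer,
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "authenticated": root.find("saml:AuthnStatement", NS) is not None,   # authentication assertion
        "attributes": attributes,                                            # attribute assertions
    }


if __name__ == "__main__":
    print(consume_assertion(SAMPLE_ASSERTION, {"https://idp.partner.example"},
                            "https://sp.corp.example", "2015-12-25T10:02:00Z"))
```

The audience check is the one most often skipped: without it, an assertion a partner issued for some other service can be replayed to this one within its validity window, and the receiver would be trusting a statement that was never made to it.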
Definition
◦ Identity management is the centralized, policy-based management of all information required for access to corporate systems by a person, machine, program, or other resource
Benefits of Identity Management
◦ Reduction in the redundant work needed to manage identity information
◦ Consistency in information
◦ Rapid changes
◦ Central auditing
◦ Single sign-on
◦ Increasingly required to meet compliance requirements
◦ At least reduced sign-on when SSO is impossible
Identity
◦ The set of attributes about a person or nonhuman resource that must be revealed in a particular context
  - Subordinate to a particular person
  - Manager of a department
  - Buyer dealing with another company
  - Manager responsible for a database
◦ Principle of minimum identity data: only reveal the information necessary in a particular context
Identity Management
◦ Initial credential checking
◦ Defining identities (pieces of information to be divulged)
◦ Managing trust relationships
◦ Provisioning, reprovisioning if changes occur, and deprovisioning
Identity Management
◦ Implementing controlled decentralization
  - Do as much administration as possible locally
  - This requires tight policy controls to avoid problems
◦ Providing self-service functions for non-sensitive information
  - Marital status, etc.